Quote:A pair of vulnerabilities in the Fortress S03 WiFi Home Security System could allow cyberattackers to remotely disarm the system, leaving homes open to unlawful entry.
The Fortress platform is a consumer-grade home security system that allows users to mix and match various sensors, IP cameras and accessories, connecting them via Wi-Fi to create a personalized security system. RF fobs are used for system control, arming and disarming monitors on doors, windows and motion detectors.
According to Rapid7 researcher Arvind Vishwakarma, who discovered the bugs, the “vulnerabilities could result in unauthorized access to control or modify system behavior, and access to unencrypted information in storage or in transit.” Both bugs remain unpatched.
The first vulnerability, tracked as CVE-2021-39276, is due to an insecure cloud API deployment, he said in a Tuesday post. Unauthenticated users can trivially exploit it to retrieve a secret that can then be used to alter the system’s functionality remotely. To disarm an alarm system, attackers can send a specially crafted unauthenticated POST to the API.
“If a malicious actor knows a user’s email address, they can use it to query the cloud-based API to return an International Mobile Equipment Identity (IMEI) number, which appears to also serve as the device’s serial number,” Vishwakarma said. “With a device IMEI number and the user’s email address, it is then possible for a malicious actor to make changes to the system, including disarming its alarm.”
Read more: Fortress Home Security Open to Remote Disarmament
![[-]](https://www.geeks.fyi/images/collapse.png)
